Cyber attacks cost UK businesses £18 billion in lost revenue and £16 billion in increased IT spending per year as a result of breaches. And the issue is widespread, 81 percent of UK businesses reported a breach in 2014. Register today for this free webcast to find out more as we discuss..

Following the outstanding success of our 2015 event, SC Congress is returning to London on 10 February 2016. Join hundreds of your information security colleagues to hear the latest news and analysis and to experience the latest solutions in cyber-security. Register today for free.

The views of the industry on the Intel acquisition of McAfee

Yesterday's huge announcement that Intel is to purchase McAfee for $7.7 billion was one of the biggest stories in this industry this year.

The acquisition brought some interesting perspectives from across the technology spectre, and here we look at some of the comments on it.

From an analyst perspective Leslie Fiering, research VP at Gartner, called it a ‘smart strategic move' and said that it was 'part of a larger strategy to enhance Intel's security capabilities, as it follows other recent acquisitions of tenCube and Trust Digital'.

She said: “The goal is to collect and develop IP that can go directly to silicon and bring security down to the hardware level. The embedded security will run outside the OS with a broad variety of software developer hooks. It is highly unlikely that Intel will make any of these proprietary or in any way specific to McAfee.

“Bringing security down to the hardware level is particularly critical at a time when exploits at the OS level are getting more sophisticated on PCs and mobile OSs are still highly immature in the security arena. This move particularly enhances Intel's mobility strategy by adding security as a differentiator as the company girds up to combat the incumbents in the smartphone, ATM, appliance and embedded processor markets.”

However Forrester's Andrew Jaquith described it as a ‘horseless carriage vendor buys buggy-whips', commenting that the price is not so high that it makes Intel look like Daddy Warbucks, but not so low that it looks like McAfee was desperate to sell.

He said: “Everyone agrees that mobility is huge, and that the post-PC market will eventually eclipse today's PC market. Indeed, Forrester data shows that the crossover point is this year. Intel knows this, so it wants to plant a flag in the mobile security space as it believes will be necessary to protect these new devices.

“Moreover, I can understand why Intel feels it ought to be baking more capabilities into silicon: it helps differentiate its chips against rivals AMD and ARM (via its licensees). Adding more functionality to core offerings as a way to entice buyers to upgrade to their platform is a classic strategy that Intel's acquisition target (McAfee) has been perfecting for years with its desktop anti-malware suite.

“That product started as a humble virus scanner. Today it includes anti-spyware, a host firewall, data leak prevention, host intrusion prevention and much more. What McAfee has done on the desktop, Intel intends to do ‘inside', on its silicon.”

He commented that he could see four problems with Intel's strategy: that neither Intel nor McAfee are serious players in the mobility market and this deal does not improve their prospects; that Intel's hardware platform strategy will not work as most enterprises take the least-common-denominator approach to managing their computing assets; that Intel does not understand software; and that the security aftermarket will be very different on post-PC devices.

He said: “All of which leads me to conclude that while Intel's stated rationales for doing the McAfee deal are very forward-looking, its likely actual revenues are mostly about the past. If Intel wants to grow the franchise for protecting PC platforms, the McAfee deal is a great acquisition.

“If you view today's security aftermarket as something that ought to be better left in the ashbin of history, where security is baked into operating systems, this deal is more of a head-scratcher.”

Blogger Bruce Schneier said that the deal was ‘another example of a large non-security company buying a security company', that he has been talking about for two and a half years.

He said: “It's not consolidation as we're used to. In the security industry, there are waves of consolidation, you know, big companies scoop up little companies and then there's lots of consolidation. You've got Symantec and Network Associates that way, and then you have ‘best of breed' where a lot of little companies spring up doing one thing well and then you cobble together a suite yourself.

“What we're going to see is consolidation of non-security companies buying security companies. So, remember, if security is going to no longer be an end-user component, companies that do things that are actually useful are going to need to provide security.

“So, we're seeing Microsoft buying security companies, we're seeing IBM Global Services buy security companies, my company was purchased by BT, another massive global outsourcer. So, that sort of consolidation we are seeing, it's not consolidation of security; it's really the absorption of security into more general IT products and services.”

From a security perspective, Don Smith, VP of engineering and technology at SecureWorks, claimed that it is not as surprising an acquisition as you might first think, as Intel has a number of security technologies, which span from secure virtualisation to secure XML gateways.

Proofpoint looked at the statements made and identified that McAfee's announcement, which said that ‘the current cyber security model is not extensible across the proliferating spectrum of devices – providing protection to a heterogeneous world of connected devices requires a fundamentally new approach to security', is a way of saying that network security in today's world needs a major ‘re-think'.

It also said that certain security functions and controls need to migrate further down the IT application stack and be more of an integral part of the hardware and firmware that power new devices.

It also claimed that it expected this news to spur ongoing M&A activity in the security space and more importantly, the trend toward making security more of a core component of computing devices—rather than an afterthought—will make for a safer computing world.

Rob Rachwald, Imperva's director of security strategy, claimed that the acquisition means one thing, that security cannot be separated from the business.

He said: “In the past, the objective of security was all about keeping the bad guys out while letting the good guys in. However, with the advent of insiders and as external hacking's focus shifted to data theft, the objective of security professionals changed dramatically.

“Data, and the transactions that moved data, meant security teams had to deploy security as a part of supply chains, online transactions and for online collaboration among customers, employees, partners and social networks.”

Philippe Courtot, chairman and chief executive officer of Qualys, commented that the acquisition is another example of the rapid consolidation taking place in the enterprise software industry, as traditional high tech vendors have an increasingly harder time competing against SaaS and cloud computing offerings and can only find growth by embarking on aggressive pricing against their competitors to steal market share.

Eva Chen, CEO at Trend Micro, said: “Intel's decision to purchase a security software company is a clear statement to the industry and investors that security is absolutely fundamental to future technology services and products.

“For current and future customers, Intel's resources may now enable McAfee to offer protection to multiple devices and endpoints, replicating what other vendors, such as Trend Micro, have already achieved through the Smart Protection Network.

“However, the embedded-software model is fundamentally different from the security-software operating model and this is a good opportunity for customers to review their relationship with their security partner to assess whether they will be receiving the services and expertise they need.”

Pat Clawson, CEO of Lumension, commented that the acquisition will not only fundamentally change the security landscape, but will have a ripple affect throughout the industry.

He said: “With this acquisition, Intel is addressing areas that we really need to get better at protecting - smartphones, televisions, medical technology and cash machines. Short term, it gives Intel a competitive advantage but will no doubt make other chip manufacturers, like AMD, consider whether they need to mirror the acquisition.

“For the security industry, it makes the top layer of the security stack – such as Symantec – obvious acquisitions targets not only for chip manufacturers but also hardware providers, such as mobile device manufacturers. On the flip side, it could leave a waste land of security companies, as mid-sized security companies see a diminishing number of prospective acquirers.”

Graham Cluley, senior technology consultant at Sophos, commented that this marks a return to the security sector for Intel after it sold its own anti-virus product (Intel LanDesk Virus Protect) to Symantec in 1998.

He said: “Now, Intel is purchasing Symantec's arch-enemy McAfee and re-entering the business. It's too early to say what the impact of this acquisition will mean to McAfee's customers, but there will no doubt be some happy McAfee shareholders today as the price rises to its highest level since the late 1990s.”

Ron Gula, CEO of Tenable Network Security, said: “I'm curious to see what Intel's commitment to enterprise security software will be post-acquisition. McAfee is best known for its anti-virus solution, but their large-scale security technologies aren't something I see Intel leveraging.

“There are a lot of things wrong with today's anti-virus model, such as tracking the sheer number of potential bad types of software. Putting this into hardware may sound promising, but I question how much can be placed into a chip.

“If Intel can move the anti-virus agent into hardware, I'd like some assurances that this can be patched when a security vulnerability is found with it. Anti-virus software is very complex and we often run into customers whose agents are one or two patch levels behind and open to attack. Patching hardware or firmware is much harder than patching software.”

SC Magazine arms information security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.